PHP is a scripting language that executes server-side. a denial of service vulnerability exists in versions of PHP prior to 7.4.31, 8.0.0 and later, 8.0.24 and later, and 8.1.0 and later, and prior to 8.1.11. The vulnerability stems from the fact that the phar decompressor code recursively decompresses quines gzip files, leading to an infinite loop that can be exploited by attackers to The vulnerability can be exploited to launch a denial-of-service attack.
CPE | Name | Operator | Version |
---|---|---|---|
php php | lt | 7.4.31 | |
php php >=8.0.0, | lt | 8.0.24 | |
php php >=8.1.0, | lt | 8.1.11 |